[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-41506":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":588,"aliases":589,"duplicate_of":9,"upstream":591,"downstream":592,"duplicates":607,"related":608,"reserved_at":9,"published_at":615,"modified_at":616,"state":617,"summary":618,"references_raw":627,"kevs":658,"epss":659,"epss_history":662,"metrics":748,"affected":762},"CVE-2026-41506","go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-522","Insufficiently Protected Credentials","The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.","weakness","Incomplete","Class",[19,23,77,81,156,232,313,367,397,438,497,532,584],{"id":20,"name":21,"techniques":22},"CAPEC-102","Session Sidejacking",[],{"id":24,"name":25,"techniques":26},"CAPEC-474","Signature Spoofing by Key Theft",[27],{"id":28,"name":29,"tactics":30,"countermeasures":34},"T1552.004","Private Keys",[31],{"id":32,"name":33},"TA0031","Credential Access",[35,40,45,49,54,59,63,67,72],{"id":36,"name":37,"tactic":38},"D3-CCSA","Credential Compromise Scope Analysis",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-CR","Credential Revocation",{"name":44},"Evict",{"id":46,"name":47,"tactic":48},"D3-ANCI","Authentication Cache Invalidation",{"name":44},{"id":50,"name":51,"tactic":52},"D3-DUC","Decoy User Credential",{"name":53},"Deceive",{"id":55,"name":56,"tactic":57},"D3-CH","Credential Hardening",{"name":58},"Harden",{"id":60,"name":61,"tactic":62},"D3-MFA","Multi-factor Authentication",{"name":58},{"id":64,"name":65,"tactic":66},"D3-CRO","Credential Rotation",{"name":58},{"id":68,"name":69,"tactic":70},"D3-RIC","Reissue Credential",{"name":71},"Restore",{"id":73,"name":74,"tactic":75},"D3-CTS","Credential Transmission Scoping",{"name":76},"Isolate",{"id":78,"name":79,"techniques":80},"CAPEC-50","Password Recovery Exploitation",[],{"id":82,"name":83,"techniques":84},"CAPEC-509","Kerberoasting",[85],{"id":86,"name":83,"tactics":87,"countermeasures":89},"T1558.003",[88],{"id":32,"name":33},[90,94,98,102,106,110,114,118,122,124,128,130,132,134,136,138,140,144,148,150,154],{"id":91,"name":92,"tactic":93},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":39},{"id":95,"name":96,"tactic":97},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":39},{"id":99,"name":100,"tactic":101},"D3-CSPP","Client-server Payload Profiling",{"name":39},{"id":103,"name":104,"tactic":105},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":39},{"id":107,"name":108,"tactic":109},"D3-NTSA","Network Traffic Signature Analysis",{"name":39},{"id":111,"name":112,"tactic":113},"D3-APCA","Application Protocol Command Analysis",{"name":39},{"id":115,"name":116,"tactic":117},"D3-NTCD","Network Traffic Community Deviation",{"name":39},{"id":119,"name":120,"tactic":121},"D3-RTSD","Remote Terminal Session Detection",{"name":39},{"id":36,"name":37,"tactic":123},{"name":39},{"id":125,"name":126,"tactic":127},"D3-RTA","RPC Traffic Analysis",{"name":39},{"id":41,"name":42,"tactic":129},{"name":44},{"id":46,"name":47,"tactic":131},{"name":44},{"id":50,"name":51,"tactic":133},{"name":53},{"id":55,"name":56,"tactic":135},{"name":58},{"id":60,"name":61,"tactic":137},{"name":58},{"id":64,"name":65,"tactic":139},{"name":58},{"id":141,"name":142,"tactic":143},"D3-TB","Token Binding",{"name":58},{"id":145,"name":146,"tactic":147},"D3-TBA","Token-based Authentication",{"name":58},{"id":68,"name":69,"tactic":149},{"name":71},{"id":151,"name":152,"tactic":153},"D3-NTF","Network Traffic Filtering",{"name":76},{"id":73,"name":74,"tactic":155},{"name":76},{"id":157,"name":158,"techniques":159},"CAPEC-551","Modify Existing Service",[160],{"id":161,"name":162,"tactics":163,"countermeasures":170},"T1543","Create or Modify System Process",[164,167],{"id":165,"name":166},"TA0110","Persistence",{"id":168,"name":169},"TA0111","Privilege Escalation",[171,176,180,184,188,192,196,200,204,208,212,216,220,224,228],{"id":172,"name":173,"tactic":174},"D3-DI","Data Inventory",{"name":175},"Model",{"id":177,"name":178,"tactic":179},"D3-FA","File Analysis",{"name":39},{"id":181,"name":182,"tactic":183},"D3-FIM","File Integrity Monitoring",{"name":39},{"id":185,"name":186,"tactic":187},"D3-SFA","System File Analysis",{"name":39},{"id":189,"name":190,"tactic":191},"D3-FEV","File Eviction",{"name":44},{"id":193,"name":194,"tactic":195},"D3-DF","Decoy File",{"name":53},{"id":197,"name":198,"tactic":199},"D3-FE","File Encryption",{"name":58},{"id":201,"name":202,"tactic":203},"D3-SCP","System Configuration Permissions",{"name":58},{"id":205,"name":206,"tactic":207},"D3-RF","Restore File",{"name":71},{"id":209,"name":210,"tactic":211},"D3-RD","Restore Database",{"name":71},{"id":213,"name":214,"tactic":215},"D3-CF","Content Filtering",{"name":76},{"id":217,"name":218,"tactic":219},"D3-LFP","Local File Permissions",{"name":76},{"id":221,"name":222,"tactic":223},"D3-RFAM","Remote File Access Mediation",{"name":76},{"id":225,"name":226,"tactic":227},"D3-CQ","Content Quarantine",{"name":76},{"id":229,"name":230,"tactic":231},"D3-CM","Content Modification",{"name":76},{"id":233,"name":234,"techniques":235},"CAPEC-555","Remote Services with Stolen Credentials",[236,270,302],{"id":237,"name":238,"tactics":239,"countermeasures":243},"T1021","Remote Services",[240],{"id":241,"name":242},"TA0109","Lateral Movement",[244,246,248,250,252,254,256,258,260,264,268],{"id":91,"name":92,"tactic":245},{"name":39},{"id":95,"name":96,"tactic":247},{"name":39},{"id":99,"name":100,"tactic":249},{"name":39},{"id":103,"name":104,"tactic":251},{"name":39},{"id":107,"name":108,"tactic":253},{"name":39},{"id":111,"name":112,"tactic":255},{"name":39},{"id":115,"name":116,"tactic":257},{"name":39},{"id":119,"name":120,"tactic":259},{"name":39},{"id":261,"name":262,"tactic":263},"D3-CAA","Connection Attempt Analysis",{"name":39},{"id":265,"name":266,"tactic":267},"D3-ST","Session Termination",{"name":44},{"id":151,"name":152,"tactic":269},{"name":76},{"id":271,"name":272,"tactics":273,"countermeasures":277},"T1114.002","Remote Email Collection",[274],{"id":275,"name":276},"TA0100","Collection",[278,282,286,290,294,298],{"id":279,"name":280,"tactic":281},"D3-NNI","Network Node Inventory",{"name":175},{"id":283,"name":284,"tactic":285},"D3-PLM","Physical Link Mapping",{"name":175},{"id":287,"name":288,"tactic":289},"D3-LLM","Logical Link Mapping",{"name":175},{"id":291,"name":292,"tactic":293},"D3-EHB","Endpoint Health Beacon",{"name":39},{"id":295,"name":296,"tactic":297},"D3-ER","Email Removal",{"name":44},{"id":299,"name":300,"tactic":301},"D3-RNA","Restore Network Access",{"name":71},{"id":303,"name":304,"tactics":305,"countermeasures":310},"T1133","External Remote Services",[306,307],{"id":165,"name":166},{"id":308,"name":309},"TA0108","Initial Access",[311],{"id":265,"name":266,"tactic":312},{"name":44},{"id":314,"name":315,"techniques":316},"CAPEC-560","Use of Known Domain Credentials",[317],{"id":318,"name":319,"tactics":320,"countermeasures":330},"T1078","Valid Accounts",[321,324,327,328,329],{"id":322,"name":323},"TA0030","Defense Evasion",{"id":325,"name":326},"TA0005","Stealth",{"id":165,"name":166},{"id":168,"name":169},{"id":308,"name":309},[331,335,339,343,347,351,355,359,363],{"id":332,"name":333,"tactic":334},"D3-AM","Access Modeling",{"name":175},{"id":336,"name":337,"tactic":338},"D3-LAM","Local Account Monitoring",{"name":39},{"id":340,"name":341,"tactic":342},"D3-DAM","Domain Account Monitoring",{"name":39},{"id":344,"name":345,"tactic":346},"D3-AL","Account Locking",{"name":44},{"id":348,"name":349,"tactic":350},"D3-AA","Agent Authentication",{"name":58},{"id":352,"name":353,"tactic":354},"D3-CDP","Change Default Password",{"name":58},{"id":356,"name":357,"tactic":358},"D3-ULA","Unlock Account",{"name":71},{"id":360,"name":361,"tactic":362},"D3-RUAA","Restore User Account Access",{"name":71},{"id":364,"name":365,"tactic":366},"D3-UAP","User Account Permissions",{"name":76},{"id":368,"name":369,"techniques":370},"CAPEC-561","Windows Admin Shares with Stolen Credentials",[371],{"id":372,"name":373,"tactics":374,"countermeasures":376},"T1021.002","SMB/Windows Admin Shares",[375],{"id":241,"name":242},[377,379,381,383,385,387,389,391,393,395],{"id":91,"name":92,"tactic":378},{"name":39},{"id":95,"name":96,"tactic":380},{"name":39},{"id":99,"name":100,"tactic":382},{"name":39},{"id":103,"name":104,"tactic":384},{"name":39},{"id":107,"name":108,"tactic":386},{"name":39},{"id":111,"name":112,"tactic":388},{"name":39},{"id":115,"name":116,"tactic":390},{"name":39},{"id":119,"name":120,"tactic":392},{"name":39},{"id":261,"name":262,"tactic":394},{"name":39},{"id":151,"name":152,"tactic":396},{"name":76},{"id":398,"name":399,"techniques":400},"CAPEC-600","Credential Stuffing",[401],{"id":402,"name":399,"tactics":403,"countermeasures":405},"T1110.004",[404],{"id":32,"name":33},[406,410,414,416,418,420,422,424,426,428,430,432,436],{"id":407,"name":408,"tactic":409},"D3-AEM","Application Exception Monitoring",{"name":39},{"id":411,"name":412,"tactic":413},"D3-OPM","Operational Process Monitoring",{"name":39},{"id":91,"name":92,"tactic":415},{"name":39},{"id":95,"name":96,"tactic":417},{"name":39},{"id":99,"name":100,"tactic":419},{"name":39},{"id":103,"name":104,"tactic":421},{"name":39},{"id":107,"name":108,"tactic":423},{"name":39},{"id":111,"name":112,"tactic":425},{"name":39},{"id":115,"name":116,"tactic":427},{"name":39},{"id":119,"name":120,"tactic":429},{"name":39},{"id":261,"name":262,"tactic":431},{"name":39},{"id":433,"name":434,"tactic":435},"D3-ANAA","Administrative Network Activity Analysis",{"name":39},{"id":151,"name":152,"tactic":437},{"name":76},{"id":439,"name":440,"techniques":441},"CAPEC-644","Use of Captured Hashes (Pass The Hash)",[442],{"id":443,"name":444,"tactics":445,"countermeasures":448},"T1550.002","Pass the Hash",[446,447],{"id":322,"name":323},{"id":241,"name":242},[449,453,457,461,465,469,473,477,481,485,489,493],{"id":450,"name":451,"tactic":452},"D3-PLA","Process Lineage Analysis",{"name":39},{"id":454,"name":455,"tactic":456},"D3-PSMD","Process Self-Modification Detection",{"name":39},{"id":458,"name":459,"tactic":460},"D3-PSA","Process Spawn Analysis",{"name":39},{"id":462,"name":463,"tactic":464},"D3-PT","Process Termination",{"name":44},{"id":466,"name":467,"tactic":468},"D3-PS","Process Suspension",{"name":44},{"id":470,"name":471,"tactic":472},"D3-HR","Host Reboot",{"name":44},{"id":474,"name":475,"tactic":476},"D3-HS","Host Shutdown",{"name":44},{"id":478,"name":479,"tactic":480},"D3-KBPI","Kernel-based Process Isolation",{"name":76},{"id":482,"name":483,"tactic":484},"D3-SCF","System Call Filtering",{"name":76},{"id":486,"name":487,"tactic":488},"D3-HBPI","Hardware-based Process Isolation",{"name":76},{"id":490,"name":491,"tactic":492},"D3-ABPI","Application-based Process Isolation",{"name":76},{"id":494,"name":495,"tactic":496},"D3-WSAM","Web Session Access Mediation",{"name":76},{"id":498,"name":499,"techniques":500},"CAPEC-645","Use of Captured Tickets (Pass The Ticket)",[501],{"id":502,"name":503,"tactics":504,"countermeasures":507},"T1550.003","Pass the Ticket",[505,506],{"id":322,"name":323},{"id":241,"name":242},[508,510,512,514,516,518,520,522,524,526,528,530],{"id":450,"name":451,"tactic":509},{"name":39},{"id":454,"name":455,"tactic":511},{"name":39},{"id":458,"name":459,"tactic":513},{"name":39},{"id":462,"name":463,"tactic":515},{"name":44},{"id":466,"name":467,"tactic":517},{"name":44},{"id":470,"name":471,"tactic":519},{"name":44},{"id":474,"name":475,"tactic":521},{"name":44},{"id":478,"name":479,"tactic":523},{"name":76},{"id":482,"name":483,"tactic":525},{"name":76},{"id":486,"name":487,"tactic":527},{"name":76},{"id":490,"name":491,"tactic":529},{"name":76},{"id":494,"name":495,"tactic":531},{"name":76},{"id":533,"name":534,"techniques":535},"CAPEC-652","Use of Known Kerberos Credentials",[536],{"id":537,"name":538,"tactics":539,"countermeasures":541},"T1558","Steal or Forge Kerberos Tickets",[540],{"id":32,"name":33},[542,544,546,548,550,552,554,556,558,560,562,564,566,568,570,572,574,576,578,580,582],{"id":91,"name":92,"tactic":543},{"name":39},{"id":95,"name":96,"tactic":545},{"name":39},{"id":99,"name":100,"tactic":547},{"name":39},{"id":103,"name":104,"tactic":549},{"name":39},{"id":107,"name":108,"tactic":551},{"name":39},{"id":111,"name":112,"tactic":553},{"name":39},{"id":115,"name":116,"tactic":555},{"name":39},{"id":119,"name":120,"tactic":557},{"name":39},{"id":36,"name":37,"tactic":559},{"name":39},{"id":125,"name":126,"tactic":561},{"name":39},{"id":41,"name":42,"tactic":563},{"name":44},{"id":46,"name":47,"tactic":565},{"name":44},{"id":50,"name":51,"tactic":567},{"name":53},{"id":55,"name":56,"tactic":569},{"name":58},{"id":60,"name":61,"tactic":571},{"name":58},{"id":64,"name":65,"tactic":573},{"name":58},{"id":141,"name":142,"tactic":575},{"name":58},{"id":145,"name":146,"tactic":577},{"name":58},{"id":68,"name":69,"tactic":579},{"name":71},{"id":151,"name":152,"tactic":581},{"name":76},{"id":73,"name":74,"tactic":583},{"name":76},{"id":585,"name":586,"techniques":587},"CAPEC-653","Use of Known Operating System Credentials",[],[],[590],"GHSA-3xc5-wrhm-f963",[],[593,595,597,599,601,603,605],{"_key":594},"OPENSUSE-SU-2026:10771-1",{"_key":596},"OPENSUSE-SU-2026:10765-1",{"_key":598},"OPENSUSE-SU-2026:10803-1",{"_key":600},"UBUNTU-CVE-2026-41506",{"_key":602},"OPENSUSE-SU-2026:10830-1",{"_key":604},"RHSA-2026:17669",{"_key":606},"DEBIAN-CVE-2026-41506",[],[609,610,611,612,613],{"_key":594},{"_key":596},{"_key":598},{"_key":602},{"_key":614},"CGA-FWFH-X7W7-2JP6","2026-05-08T13:43:19.911Z","2026-05-11T18:50:50.673Z","Analyzed",{"cisa_kev":619,"cisa_ransomware":619,"cisa_vendor":9,"epss_severity":620,"epss_score":621,"severity":622,"severity_score":623,"severity_version":624,"severity_source":625,"severity_vector":626,"severity_status":617},false,"low",0.00075,"high",7.4,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",[628,637,644,648,653],{"url":629,"sources":630,"tags":633},"https://github.com/go-git/go-git/security/advisories/GHSA-3xc5-wrhm-f963",[631,625,632],"cve.org","osv_go",[634,635,636],"X Refsource CONFIRM","Vendor Advisory","WEB",{"url":638,"sources":639,"tags":640},"https://github.com/go-git/go-git/releases/tag/v5.18.0",[631,625,632],[641,642,643,636],"X Refsource MISC","Product","Release Notes",{"url":645,"sources":646,"tags":647},"https://github.com/go-git/go-git/releases/tag/v6.0.0-alpha.2",[631,625,632],[641,642,643,636],{"url":649,"sources":650,"tags":651},"https://nvd.nist.gov/vuln/detail/CVE-2026-41506",[632],[652],"Advisory",{"url":654,"sources":655,"tags":656},"https://github.com/go-git/go-git",[632],[657],"PACKAGE",[],{"date":660,"score":621,"percentile":661},"2026-06-05",0.22852,[663,667,670,673,676,680,684,687,690,693,696,699,702,705,708,711,714,717,720,723,726,729,732,735,738,741,744,747],{"date":664,"score":665,"percentile":666},"2026-05-09",0.00047,0.14471,{"date":668,"score":665,"percentile":669},"2026-05-10",0.14479,{"date":671,"score":665,"percentile":672},"2026-05-11",0.14465,{"date":674,"score":665,"percentile":675},"2026-05-12",0.14507,{"date":677,"score":678,"percentile":679},"2026-05-13",0.00053,0.16579,{"date":681,"score":682,"percentile":683},"2026-05-14",0.00057,0.17894,{"date":685,"score":682,"percentile":686},"2026-05-15",0.17896,{"date":688,"score":682,"percentile":689},"2026-05-16",0.17911,{"date":691,"score":682,"percentile":692},"2026-05-17",0.17892,{"date":694,"score":682,"percentile":695},"2026-05-18",0.17847,{"date":697,"score":682,"percentile":698},"2026-05-19",0.17834,{"date":700,"score":682,"percentile":701},"2026-05-20",0.17852,{"date":703,"score":682,"percentile":704},"2026-05-21",0.17838,{"date":706,"score":682,"percentile":707},"2026-05-22",0.17971,{"date":709,"score":682,"percentile":710},"2026-05-23",0.17957,{"date":712,"score":682,"percentile":713},"2026-05-24",0.17909,{"date":715,"score":682,"percentile":716},"2026-05-25",0.17887,{"date":718,"score":682,"percentile":719},"2026-05-26",0.1788,{"date":721,"score":682,"percentile":722},"2026-05-27",0.17973,{"date":724,"score":682,"percentile":725},"2026-05-28",0.18115,{"date":727,"score":682,"percentile":728},"2026-05-29",0.18178,{"date":730,"score":682,"percentile":731},"2026-05-30",0.18172,{"date":733,"score":682,"percentile":734},"2026-05-31",0.18162,{"date":736,"score":682,"percentile":737},"2026-06-01",0.18146,{"date":739,"score":621,"percentile":740},"2026-06-02",0.22769,{"date":742,"score":621,"percentile":743},"2026-06-03",0.22768,{"date":745,"score":621,"percentile":746},"2026-06-04",0.22772,{"date":660,"score":621,"percentile":661},[749,756,760],{"source":631,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":750,"cvss_v4_0":9},{"baseScore":751,"baseSeverity":752,"vectorString":753,"impactScore":754,"exploitabilityScore":755},4.7,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",2.3,7.2,{"source":625,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":757,"cvss_v4_0":9},{"baseScore":623,"baseSeverity":758,"vectorString":626,"impactScore":759,"exploitabilityScore":755},"HIGH",6.7,{"source":632,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":761,"cvss_v4_0":9},{"baseScore":751,"baseSeverity":9,"vectorString":753,"impactScore":754,"exploitabilityScore":755},[763,776,783,793],{"ecosystem":9,"name":764,"vendor":765,"product":764,"cpe_part":766,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":767},"go-git","go-git_project","a",[768,774],{"version":769,"is_range":770,"range_type":771,"version_start":9,"version_start_type":9,"version_end":772,"version_end_type":773,"fixed_in":9},"lt5.18.0",true,"cpe","5.18.0","excluding",{"version":775,"is_range":619,"range_type":771,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.0:alpha1",{"ecosystem":9,"name":764,"vendor":764,"product":764,"cpe_part":766,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":777},[778,780],{"version":779,"is_range":770,"range_type":631,"version_start":9,"version_start_type":9,"version_end":772,"version_end_type":773,"fixed_in":9},"\u003C 5.18.0",{"version":781,"is_range":770,"range_type":631,"version_start":9,"version_start_type":9,"version_end":782,"version_end_type":773,"fixed_in":9},"\u003C 6.0.0-alpha.2","6.0.0-alpha.2",{"ecosystem":784,"name":785,"vendor":786,"product":787,"cpe_part":9,"purl_type":788,"purl_namespace":786,"purl_name":787,"source":9,"versions":789},"Go","github.com/go-git/go-git/v5","github.com/go-git/go-git","v5","golang",[790],{"version":791,"is_range":770,"range_type":792,"version_start":9,"version_start_type":9,"version_end":772,"version_end_type":773,"fixed_in":9},"lt5_18_0","semver",{"ecosystem":784,"name":794,"vendor":786,"product":795,"cpe_part":9,"purl_type":788,"purl_namespace":786,"purl_name":795,"source":9,"versions":796},"github.com/go-git/go-git/v6","v6",[797],{"version":798,"is_range":770,"range_type":792,"version_start":9,"version_start_type":9,"version_end":782,"version_end_type":773,"fixed_in":9},"lt6_0_0_alpha_2"]